Feature Requests - Page 19 - Burp Suite User Forum

Great academy, but could do with a few minor improvements

The first would have to be the wiener:peter login id and password. It's a bit childish. I can understand the humor, but I bet it's gonna rub women the wrong way. Just a minor thing. The main issue I have is with the...

Make Predefined Payload Lists recursive

Currently when you load custom lists from a directory in 'Preset Payload Lists', the payloads that are shown do not include sub-directories or their files. It would be great to have a directory of commonly used lists that...

Extension API for WebSocket

Hi, more and more applications every day use WebSockets. In order to handle everyday assessments, it could be great to be able to be able to add Extensions also related to WebSockets, like IHttpListener to tamper traffic,...

Cluster bomb - Username enumeration via account lock

Hi, Currently working on lab "Vulnerabilities in password-based login - Username enumeration via account lock", and after sending cluster bomb attack, there is no length variation for valid account. Even I divided in...

Intruder and SNI

Hi, In recent assessment I would like to brute-force domains for a class of IP addresses (port 443, with SSL/TLS) using the Intruder of Burp Suite. New intruder versions allow to insert the insertion point also in the...

Hello

I have some issues with one of my licenses. The second license that tooked, that expires on september 2023 , when i try to activate i receive the error message that "Too many activations on this licese". I had some issues...

Progress reset

Hello, I would like to reset my labs and materials progress. Can you please reset it?

Custom Burp Collaborator Responses

It would be cool if there was an "intercept" feature for burp collaborator RESPONSES. Basically when a request comes into the collaborator, it could give an interface similar to the proxy intercept interface that allows you...

Differentiate between 'In-Scope' and 'Out of Scope'

* As a user with multiple sites listed in the Site map * I'd like to be able to differentiate between sites that are in-scope and sites that are out-of-scope * So that I can see what sites have been found and...

Integrate Burp Suite Enterprise with GitHub Actions

Hi, Please publish a GitHub action that will scan the target site and create the results in GitHub security dashboard

Windows Arm64

Windows Arm is starting to be popular. With Windows JDK I can use the JAR version - https://learn.microsoft.com/en-us/java/openjdk However, the Chromium inside is win64 It is a huge difference in performance with...

BRUTE FORCE LOGIN FORM

Hey guys i am starting-blocks with burp with brute force méthode login form. I tried to use it on website specialized for vulnérability and it seems to work gréât. When i make a request, burp gave the username and the...

Make use of the del key to be able to delete a line in the HTTP history

Hello, As you can see by the subject it is pretty easy and it's even surprising that it is not here by default. When we want to delete the reqs one by one and we quickly want to check if they are not useful, we need to...

the ability to reset a lab

after mucking about with: https://portswigger.net/web-security/cross-site-scripting/exploiting/lab-stealing-cookies i ended up messing the pages with csrf reuests\blocking the comment form. even though i can send...

Reset labs

Could you reset all my labs and progress?

Ability to turn off proxy in Burp Browser

I think it will be helpful to have the option to turn off the proxy on Burp Browser while navigating a site. Use cases: Log in to a website without capturing the login credentials in Burp, or wanting to leave out the...

Using X-Forwarded-host in Web cache poisoning

I'm currently working on the web cache poisoning with an unkeyed header lab but whenever I put x=forwarded-host in my header I don't receive a response back. I even tested this by sending the header with just ?cb=1234 and...

Progress bar under each topic tab in learning path page

Hello, I'd like to to see the progression towards completion under each topic tab in the "learning path" page. Not sure whether it would look cool or not... Maybe make it enable/disable? Thanks for the great resources!

Limitations for recorded login sequences

Hi Support, We are in need of testing a web application that relies on google sso pop up, and as you wrote "Burp Scanner is currently unable to replay login sequences that rely on popups or <iframe> elements." there is a...

educational licence

I'm student. I can't buy PROFESSIONAL License. Can you Please give me a PROFESSIONAL. Can help me with the Pro License. Thank you.